Ubuntu Security Notice 3170-2 - Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service. Andrey Konovalov discovered that signed integer overflows existed in the setsockopt system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. Various other issues were also addressed.
5786a48bfee937cace3b7751bb9c0eb7fbf315f58862c75f47d84d7b98c0176a